diff options
| -rw-r--r-- | src/basic/copy.c | 4 | ||||
| -rw-r--r-- | src/basic/copy.h | 5 | ||||
| -rw-r--r-- | src/basic/fs-util.c | 28 | ||||
| -rw-r--r-- | src/basic/fs-util.h | 5 | ||||
| -rw-r--r-- | src/sysusers/sysusers.c | 145 |
5 files changed, 116 insertions, 71 deletions
diff --git a/src/basic/copy.c b/src/basic/copy.c index af9ac842a1..ed9f2ba3ff 100644 --- a/src/basic/copy.c +++ b/src/basic/copy.c @@ -1243,7 +1243,7 @@ int copy_access(int fdf, int fdt) { return 0; } -int copy_rights(int fdf, int fdt) { +int copy_rights_with_fallback(int fdf, int fdt, const char *patht) { struct stat st; assert(fdf >= 0); @@ -1254,7 +1254,7 @@ int copy_rights(int fdf, int fdt) { if (fstat(fdf, &st) < 0) return -errno; - return fchmod_and_chown(fdt, st.st_mode & 07777, st.st_uid, st.st_gid); + return fchmod_and_chown_with_fallback(fdt, patht, st.st_mode & 07777, st.st_uid, st.st_gid); } int copy_xattr(int fdf, int fdt) { diff --git a/src/basic/copy.h b/src/basic/copy.h index da3ba07ad2..b36ddfcb01 100644 --- a/src/basic/copy.h +++ b/src/basic/copy.h @@ -64,5 +64,8 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop int copy_times(int fdf, int fdt, CopyFlags flags); int copy_access(int fdf, int fdt); -int copy_rights(int fdf, int fdt); +int copy_rights_with_fallback(int fdf, int fdt, const char *patht); +static inline int copy_rights(int fdf, int fdt) { + return copy_rights_with_fallback(fdf, fdt, NULL); /* no fallback */ +} int copy_xattr(int fdf, int fdt); diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c index e8435cab2c..a4d772777e 100644 --- a/src/basic/fs-util.c +++ b/src/basic/fs-util.c @@ -227,7 +227,7 @@ int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) { return fchmod_and_chown(fd, mode, uid, gid); } -int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { +int fchmod_and_chown_with_fallback(int fd, const char *path, mode_t mode, uid_t uid, gid_t gid) { bool do_chown, do_chmod; struct stat st; int r; @@ -238,7 +238,11 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { * unaffected if the uid/gid is changed, i.e. it undoes implicit suid/sgid dropping the kernel does * on chown(). * - * This call is happy with O_PATH fds. */ + * This call is happy with O_PATH fds. + * + * If path is given, allow a fallback path which does not use /proc/self/fd/. On any normal system + * /proc will be mounted, but in certain improperly assembled environments it might not be. This is + * less secure (potential TOCTOU), so should only be used after consideration. */ if (fstat(fd, &st) < 0) return -errno; @@ -263,8 +267,14 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { if (((minimal ^ st.st_mode) & 07777) != 0) { r = fchmod_opath(fd, minimal & 07777); - if (r < 0) - return r; + if (r < 0) { + if (!path || r != -ENOSYS) + return r; + + /* Fallback path which doesn't use /proc/self/fd/. */ + if (chmod(path, minimal & 07777) < 0) + return -errno; + } } } @@ -274,8 +284,14 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { if (do_chmod) { r = fchmod_opath(fd, mode & 07777); - if (r < 0) - return r; + if (r < 0) { + if (!path || r != -ENOSYS) + return r; + + /* Fallback path which doesn't use /proc/self/fd/. */ + if (chmod(path, mode & 07777) < 0) + return -errno; + } } return do_chown || do_chmod; diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h index 027037f7a7..7bac25704f 100644 --- a/src/basic/fs-util.h +++ b/src/basic/fs-util.h @@ -34,7 +34,10 @@ int readlink_value(const char *p, char **ret); int readlink_and_make_absolute(const char *p, char **r); int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid); -int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid); +int fchmod_and_chown_with_fallback(int fd, const char *path, mode_t mode, uid_t uid, gid_t gid); +static inline int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) { + return fchmod_and_chown_with_fallback(fd, NULL, mode, uid, gid); /* no fallback */ +} int fchmod_umask(int fd, mode_t mode); int fchmod_opath(int fd, mode_t m); diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index dd55360ee5..5aa3531012 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -391,17 +391,21 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to open temporary copy of %s: %m", passwd_path); original = fopen(passwd_path, "re"); if (original) { - r = copy_rights(fileno(original), fileno(passwd)); + /* Allow fallback path for when /proc is not mounted. On any normal system /proc will be + * mounted, but e.g. when 'dnf --installroot' is used, it might not be. There is no security + * relevance here, since the environment is ultimately trusted, and not requiring /proc makes + * it easier to depend on sysusers in packaging scripts and suchlike. */ + r = copy_rights_with_fallback(fileno(original), fileno(passwd), passwd_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", + passwd_path, passwd_tmp); while ((r = fgetpwent_sane(original, &pw)) > 0) { - i = ordered_hashmap_get(users, pw->pw_name); if (i && i->todo_user) return log_error_errno(SYNTHETIC_ERRNO(EEXIST), @@ -419,16 +423,17 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char r = putpwent_sane(pw, passwd); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing user \"%s\" to temporary passwd file: %m", + pw->pw_name); } if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", passwd_path); } else { if (errno != ENOENT) - return -errno; + return log_debug_errno(errno, "Failed to open %s: %m", passwd_path); if (fchmod(fileno(passwd), 0644) < 0) - return -errno; + return log_debug_errno(errno, "Failed to fchmod %s: %m", passwd_tmp); } ORDERED_HASHMAP_FOREACH(i, todo_uids) { @@ -464,25 +469,27 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char r = putpwent_sane(&n, passwd); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add new user \"%s\" to temporary passwd file: %m", + pw->pw_name); } /* Append the remaining NIS entries if any */ while (pw) { r = putpwent_sane(pw, passwd); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing user \"%s\" to temporary passwd file: %m", + pw->pw_name); r = fgetpwent_sane(original, &pw); if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", passwd_path); if (r == 0) break; } r = fflush_and_check(passwd); if (r < 0) - return r; + return log_debug_errno(r, "Failed to flush %s: %m", passwd_tmp); *tmpfile = TAKE_PTR(passwd); *tmpfile_path = TAKE_PTR(passwd_tmp); @@ -503,19 +510,19 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to open temporary copy of %s: %m", shadow_path); lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY); original = fopen(shadow_path, "re"); if (original) { - r = copy_rights(fileno(original), fileno(shadow)); + r = copy_rights_with_fallback(fileno(original), fileno(shadow), shadow_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", + shadow_path, shadow_tmp); while ((r = fgetspent_sane(original, &sp)) > 0) { - i = ordered_hashmap_get(users, sp->sp_namp); if (i && i->todo_user) { /* we will update the existing entry */ @@ -533,16 +540,18 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char r = putspent_sane(sp, shadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing user \"%s\" to temporary shadow file: %m", + sp->sp_namp); + } if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", shadow_path); } else { if (errno != ENOENT) - return -errno; + return log_debug_errno(errno, "Failed to open %s: %m", shadow_path); if (fchmod(fileno(shadow), 0000) < 0) - return -errno; + return log_debug_errno(errno, "Failed to fchmod %s: %m", shadow_tmp); } ORDERED_HASHMAP_FOREACH(i, todo_uids) { @@ -591,18 +600,20 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char r = putspent_sane(&n, shadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add new user \"%s\" to temporary shadow file: %m", + sp->sp_namp); } /* Append the remaining NIS entries if any */ while (sp) { r = putspent_sane(sp, shadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing user \"%s\" to temporary shadow file: %m", + sp->sp_namp); r = fgetspent_sane(original, &sp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", shadow_path); if (r == 0) break; } @@ -611,7 +622,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char r = fflush_sync_and_check(shadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to flush %s: %m", shadow_tmp); *tmpfile = TAKE_PTR(shadow); *tmpfile_path = TAKE_PTR(shadow_tmp); @@ -632,14 +643,15 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char ** r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to open temporary copy of %s: %m", group_path); original = fopen(group_path, "re"); if (original) { - r = copy_rights(fileno(original), fileno(group)); + r = copy_rights_with_fallback(fileno(original), fileno(group), group_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", + group_path, group_tmp); while ((r = fgetgrent_sane(original, &gr)) > 0) { /* Safety checks against name and GID collisions. Normally, @@ -664,18 +676,19 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char ** r = putgrent_with_members(gr, group); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing group \"%s\" to temporary group file: %m", + gr->gr_name); if (r > 0) group_changed = true; } if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", group_path); } else { if (errno != ENOENT) - return -errno; + return log_debug_errno(errno, "Failed to open %s: %m", group_path); if (fchmod(fileno(group), 0644) < 0) - return -errno; + return log_debug_errno(errno, "Failed to fchmod %s: %m", group_tmp); } ORDERED_HASHMAP_FOREACH(i, todo_gids) { @@ -687,7 +700,8 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char ** r = putgrent_with_members(&n, group); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add new group \"%s\" to temporary group file: %m", + gr->gr_name); group_changed = true; } @@ -696,18 +710,19 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char ** while (gr) { r = putgrent_sane(gr, group); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing group \"%s\" to temporary group file: %m", + gr->gr_name); r = fgetgrent_sane(original, &gr); if (r < 0) - return r; + return log_debug_errno(r, "Failed to read %s: %m", group_path); if (r == 0) break; } r = fflush_sync_and_check(group); if (r < 0) - return r; + return log_debug_errno(r, "Failed to flush %s: %m", group_tmp); if (group_changed) { *tmpfile = TAKE_PTR(group); @@ -729,15 +744,16 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to open temporary copy of %s: %m", gshadow_path); original = fopen(gshadow_path, "re"); if (original) { struct sgrp *sg; - r = copy_rights(fileno(original), fileno(gshadow)); + r = copy_rights_with_fallback(fileno(original), fileno(gshadow), gshadow_tmp); if (r < 0) - return r; + return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", + gshadow_path, gshadow_tmp); while ((r = fgetsgent_sane(original, &sg)) > 0) { @@ -749,7 +765,8 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch r = putsgent_with_members(sg, gshadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add existing group \"%s\" to temporary gshadow file: %m", + sg->sg_namp); if (r > 0) group_changed = true; } @@ -758,9 +775,9 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch } else { if (errno != ENOENT) - return -errno; + return log_debug_errno(errno, "Failed to open %s: %m", gshadow_path); if (fchmod(fileno(gshadow), 0000) < 0) - return -errno; + return log_debug_errno(errno, "Failed to fchmod %s: %m", gshadow_tmp); } ORDERED_HASHMAP_FOREACH(i, todo_gids) { @@ -771,29 +788,28 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch r = putsgent_with_members(&n, gshadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to add new group \"%s\" to temporary gshadow file: %m", + n.sg_namp); group_changed = true; } r = fflush_sync_and_check(gshadow); if (r < 0) - return r; + return log_debug_errno(r, "Failed to flush %s: %m", gshadow_tmp); if (group_changed) { *tmpfile = TAKE_PTR(gshadow); *tmpfile_path = TAKE_PTR(gshadow_tmp); } - return 0; -#else - return 0; #endif + return 0; } static int write_files(void) { _cleanup_fclose_ FILE *passwd = NULL, *group = NULL, *shadow = NULL, *gshadow = NULL; _cleanup_(unlink_and_freep) char *passwd_tmp = NULL, *group_tmp = NULL, *shadow_tmp = NULL, *gshadow_tmp = NULL; - const char *passwd_path = NULL, *group_path = NULL, *shadow_path = NULL, *gshadow_path = NULL; + const char *passwd_path, *shadow_path, *group_path, *gshadow_path; int r; passwd_path = prefix_roota(arg_root, "/etc/passwd"); @@ -821,31 +837,31 @@ static int write_files(void) { if (group) { r = make_backup("/etc/group", group_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to make backup %s: %m", group_path); } if (gshadow) { r = make_backup("/etc/gshadow", gshadow_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to make backup %s: %m", gshadow_path); } if (passwd) { r = make_backup("/etc/passwd", passwd_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to make backup %s: %m", passwd_path); } if (shadow) { r = make_backup("/etc/shadow", shadow_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to make backup %s: %m", shadow_path); } /* And make the new files count */ if (group) { r = rename_and_apply_smack_floor_label(group_tmp, group_path); if (r < 0) - return r; - + return log_debug_errno(r, "Failed to rename %s to %s: %m", + group_tmp, group_path); group_tmp = mfree(group_tmp); if (!arg_root && !arg_image) @@ -854,7 +870,8 @@ static int write_files(void) { if (gshadow) { r = rename_and_apply_smack_floor_label(gshadow_tmp, gshadow_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to rename %s to %s: %m", + gshadow_tmp, gshadow_path); gshadow_tmp = mfree(gshadow_tmp); } @@ -862,7 +879,8 @@ static int write_files(void) { if (passwd) { r = rename_and_apply_smack_floor_label(passwd_tmp, passwd_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to rename %s to %s: %m", + passwd_tmp, passwd_path); passwd_tmp = mfree(passwd_tmp); @@ -872,7 +890,8 @@ static int write_files(void) { if (shadow) { r = rename_and_apply_smack_floor_label(shadow_tmp, shadow_path); if (r < 0) - return r; + return log_debug_errno(r, "Failed to rename %s to %s: %m", + shadow_tmp, shadow_path); shadow_tmp = mfree(shadow_tmp); } @@ -881,10 +900,6 @@ static int write_files(void) { } static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) { - struct passwd *p; - struct group *g; - const char *n; - Item *i; /* Let's see if we already have assigned the UID a second time */ if (ordered_hashmap_get(todo_uids, UID_TO_PTR(uid))) @@ -893,6 +908,8 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) { /* Try to avoid using uids that are already used by a group * that doesn't have the same name as our new user. */ if (check_with_gid) { + Item *i; + i = ordered_hashmap_get(todo_gids, GID_TO_PTR(uid)); if (i && !streq(i->name, name)) return 0; @@ -903,6 +920,8 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) { return 0; if (check_with_gid) { + const char *n; + n = hashmap_get(database_by_gid, GID_TO_PTR(uid)); if (n && !streq(n, name)) return 0; @@ -910,6 +929,9 @@ static int uid_is_ok(uid_t uid, const char *name, bool check_with_gid) { /* Let's also check via NSS, to avoid UID clashes over LDAP and such, just in case */ if (!arg_root) { + struct passwd *p; + struct group *g; + errno = 0; p = getpwuid(uid); if (p) @@ -1109,7 +1131,8 @@ static int add_user(Item *i) { i->name, i->uid, i->gid); i->todo_user = true; - log_info("Creating user %s (%s) with uid " UID_FMT " and gid " GID_FMT ".", i->name, strna(i->description), i->uid, i->gid); + log_info("Creating user %s (%s) with uid " UID_FMT " and gid " GID_FMT ".", + i->name, strna(i->description), i->uid, i->gid); return 0; } |